SIP User's Manual 138 Document #: LTRT-83310
Mediant 600 & Mediant 1000
Parameter Name Description
Authentication Method
[IPsecSATable_AuthenticationMethod]
Selects the method used for peer authentication during IKE
main mode.
[0] Pre-shared Key (default)
[1] RSA Signature (using an X.509 certificate)
Note: For RSA-based authentication, both peers must be
provisioned with certificates signed by a common CA. For more
information on certificates, see 'Server Certificate Replacement'
on page 89.
Shared Key
[IPsecSATable_SharedKey]
Defines the pre-shared key (in textual format). Both peers must
use the same pre-shared key for the authentication process to
succeed.
Notes:
- This parameter is applicable only if the Authentication
  Method parameter is set to pre-shared key.
- The pre-shared key forms the basis of IPSec security and
  therefore, it should be handled with care (the same as
  sensitive passwords). It is not recommended to use the
  same pre-shared key for several connections.
- Since the ini file is plain text, loading it to the device over a
  secure network connection is recommended. Use a secure
  transport such as HTTPS, or a direct crossed-cable
  connection from a management PC.
- After it is configured, the value of the pre-shared key cannot
  be retrieved.
Source Port
[IPsecSATable_SourcePort]
Defines the source port to which this configuration applies.
The default value is 0 (i.e., any port).
Destination Port
[IPsecSATable_DestPort]
Defines the destination port to which this configuration applies.
The default value is 0 (i.e., any port).
Protocol
[IPsecSATable_Protocol]
Defines the protocol type to which this configuration applies.
Use standard IP protocol numbers, as defined by the Internet
Assigned Numbers Authority (IANA), for example:
0 = Any protocol (default)
17 = UDP
6 = TCP
IKE SA Lifetime
[IPsecSATable_Phase1SaLifetimeInSec]
Determines the duration (in seconds) for which the negotiated
IKE SA (Main mode) is valid. After this time expires, the SA is
re-negotiated.
Note: Main mode negotiation is a processor-intensive operation;
for best performance, do not set this parameter to less than
28,800 (i.e., eight hours).
The default value is 0 (i.e., unlimited).
IPSec SA Lifetime (sec)
[IPsecSATable_Phase2SaLifetimeInSec]
Determines the duration (in seconds) for which the negotiated
IPSec SA (Quick mode) is valid. After this time expires, the SA
is re-negotiated.
The default value is 0 (i.e., unlimited).
Note: For best performance, a value of 3,600 (i.e., one hour) or
more is recommended.
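
Because a configured pre-shared key cannot be read back from the device, the notes above are easiest to enforce on the planned table rows before the ini file is loaded. The following check is an added example, not part of the manual or of AudioCodes software: it flags pre-shared key reuse across connections, a shared key set on a row that uses RSA signatures, and SA lifetimes that are unlimited or below the recommended values. The dict-per-row layout, the function name audit_rows and the sample rows are assumptions; only the bracketed parameter names and the numeric thresholds come from the table.

```python
# Added example: the row layout is an assumption and the sample rows are
# constructed; only the parameter names and thresholds come from the manual.
from collections import defaultdict

MIN_PHASE1 = 28800  # manual: do not set the IKE SA lifetime below eight hours
MIN_PHASE2 = 3600   # manual: one hour or more recommended for the IPSec SA

def audit_rows(rows):
    """Return sorted (row_index, finding) pairs; key values are never echoed."""
    findings = []
    key_users = defaultdict(list)  # pre-shared key -> rows that use it
    for i, row in enumerate(rows):
        method = row.get("IPsecSATable_AuthenticationMethod", 0)  # 0 = pre-shared key
        key = row.get("IPsecSATable_SharedKey", "")
        if method == 0:
            if not key:
                findings.append((i, "pre-shared key authentication selected but no key set"))
            else:
                key_users[key].append(i)
        elif key:
            findings.append((i, "shared key set but ignored: method is RSA signature"))
        for name, floor in (("IPsecSATable_Phase1SaLifetimeInSec", MIN_PHASE1),
                            ("IPsecSATable_Phase2SaLifetimeInSec", MIN_PHASE2)):
            life = row.get(name, 0)  # 0 = unlimited (default)
            if life == 0:
                findings.append((i, f"{name} is unlimited: SA is never re-negotiated on expiry"))
            elif life < floor:
                findings.append((i, f"{name}={life} is below recommended {floor}"))
    for users in key_users.values():
        if len(users) > 1:  # manual: do not share one key between connections
            findings.extend((i, f"pre-shared key reused by rows {users}") for i in users)
    return sorted(findings)

SAMPLE_ROWS = [  # constructed sample data
    {"IPsecSATable_AuthenticationMethod": 0, "IPsecSATable_SharedKey": "example-key-A",
     "IPsecSATable_Phase1SaLifetimeInSec": 28800, "IPsecSATable_Phase2SaLifetimeInSec": 3600},
    {"IPsecSATable_AuthenticationMethod": 0, "IPsecSATable_SharedKey": "example-key-A",
     "IPsecSATable_Phase1SaLifetimeInSec": 600},
    {"IPsecSATable_AuthenticationMethod": 1, "IPsecSATable_SharedKey": "example-key-B",
     "IPsecSATable_Phase1SaLifetimeInSec": 86400, "IPsecSATable_Phase2SaLifetimeInSec": 7200},
]

if __name__ == "__main__":
    for idx, msg in audit_rows(SAMPLE_ROWS):
        print(f"row {idx}: {msg}")
```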